Privacy Policy

1. Information We Collect

One Line Loop collects minimal data necessary to provide our service:

Account Information

• Email address: Required for authentication and daily email delivery
• Password: Encrypted and stored securely by Firebase Authentication
• Display name: Optional, collected from Google sign-in if used
• Account creation date: For service management

Usage Data

• Daily entries: Your one-line responses (≤120 characters each) - encrypted before storage
• Timezone preference: To schedule daily prompts at 8:00pm local time
• Streak data: Current and best streak counts, last entry date
• Entry timestamps: When entries were created and last updated
• Entry source: Whether entered via web or email link
• Encryption keys: Client-side generated encryption keys for securing your entries

Email Data

• Email delivery status: Whether daily prompts were sent successfully
• Email events: Opens, clicks, bounces, spam reports (via Mailtrap)
• Email tracking: Email open and click tracking for deliverability
• Email headers: Minimal headers for email delivery

Payment Information

• Subscription status: Active plan and billing cycle
• Stripe customer ID: For billing management
• Payment processing: Handled entirely by Stripe (we don't store payment details)

2. How We Use Your Information

We use your data solely to provide the One Line Loop service:

• Send daily email prompts at your preferred time
• Process and store your daily entries
• Calculate and display your streak statistics
• Provide access to your entry history
• Manage your subscription and billing
• Ensure email deliverability and handle bounces
• Provide customer support when needed

3. Data Storage and Security

Your data is stored securely using industry-standard practices:

• Firebase/Firestore: Google's secure cloud database with encryption at rest
• Authentication: Firebase Auth with secure password hashing
• Access control: Firestore security rules ensure users can only access their own data
• Email processing: Mailtrap handles email delivery with industry-standard security
• Payment processing: Stripe handles all payment data with PCI compliance

4. Encryption and who can read your journal

We designed One Line Loop so your journal stays private to your account and invisible to other users.

• Writing in the web app: Your line is encrypted in the browser using TweetNaCl-style cryptography before it is written to Firestore. What we store is ciphertext tied to your keys—not plain text in normal operation.
• Your keys: A keypair is associated with your account so you can decrypt your entries when signed in. Key material is handled as described in your account data (including encrypted secret key material).
• Account isolation: Firestore security rules allow only the authenticated owner to read or write their own entries documents. Other One Line Loop users cannot read your journal.
• Email and inbound replies: If you reply by email, our server receives the message body so it can process your line. When your account has a public key configured, we encrypt that content for storage like other entries. We do not use your journal text for advertising and we do not sell it.
• Infrastructure: Data lives on Google Cloud (Firebase). As with any cloud service, the platform operator has datacenter-level controls; we do not access your journal for marketing or product analytics.

Plain language: Your entries are meant to be encrypted in the app, locked to your login, and off-limits to other customers. We are honest that hosted infrastructure and email processing exist—see the sections above—so you can decide if that meets your threat model.

5. Data Sharing

We do not sell, rent, or share your personal information with third parties except:

• Service providers: Firebase (Google), Stripe, and Mailtrap as necessary to provide the service
• Legal requirements: When required by law or to protect our rights
• Business transfers: In the event of a merger or acquisition (with notice)

We never share your daily entries or personal content with other users or third parties.

6. Data Retention

We retain your data as follows:

• Account data: Until you delete your account
• Daily entries: Until you delete your account
• Email logs: 90 days for deliverability monitoring
• Payment records: As required by law and Stripe's policies

7. Your Rights

You have the right to:

• Access: View all data we have about you
• Correction: Update your account information
• Deletion: Delete your account and all associated data
• Portability: Export your entries in a readable format
• Opt-out: Disable email notifications

To exercise these rights, contact us at hello@onelineloop.xyz

8. Cookies and Tracking

We use minimal tracking:

• Firebase Auth: Session cookies for authentication
• Analytics: We use Google Analytics and Firebase Analytics to understand how you use our app and improve your experience
• No advertising: We don't show ads or track for advertising purposes
• Email tracking: Basic open/click tracking via Mailtrap for deliverability

9. International Data Transfers

Your data may be processed in:

• Australia: Primary service location
• United States: Firebase, Stripe, and Mailtrap servers
• European Union: Some Firebase regions

All transfers are protected by appropriate safeguards and service provider agreements.

10. Children's Privacy

One Line Loop is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will delete it immediately.

11. Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Significant changes will be communicated via email to active subscribers.

12. Contact Us

If you have questions about this privacy policy or our data practices, contact us at:

Email: hello@onelineloop.xyz